Merge "Restrict VPN Diagnostics callbacks to underlying networks." am:... (e1f0c56f) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/ConnectivityService.java

+6 −3

Original line number	Diff line number	Diff line
		@@ -7951,10 +7951,13 @@ public class ConnectivityService extends IConnectivityManager.Stub
		return false;
		}

		final Network[] underlyingNetworks;
		synchronized (mVpns) {
		if (getVpnIfOwner(callbackUid) != null) {
		return true;
		final Vpn vpn = getVpnIfOwner(callbackUid);
		underlyingNetworks = (vpn == null) ? null : vpn.getUnderlyingNetworks();
		}
		if (underlyingNetworks != null) {
		if (Arrays.asList(underlyingNetworks).contains(nai.network)) return true;
		}

		// Administrator UIDs also contains the Owner UID

tests/net/java/com/android/server/ConnectivityServiceTest.java

+26 −2

Original line number	Diff line number	Diff line
		@@ -308,6 +308,8 @@ public class ConnectivityServiceTest {

		private static final long TIMESTAMP = 1234L;

		private static final int NET_ID = 110;

		private static final String CLAT_PREFIX = "v4-";
		private static final String MOBILE_IFNAME = "test_rmnet_data0";
		private static final String WIFI_IFNAME = "test_wlan0";
		@@ -1017,6 +1019,7 @@ public class ConnectivityServiceTest {
		private int mVpnType = VpnManager.TYPE_VPN_SERVICE;

		private VpnInfo mVpnInfo;
		private Network[] mUnderlyingNetworks;

		public MockVpn(int userId) {
		super(startHandlerThreadAndReturnLooper(), mServiceContext, mNetworkManagementService,
		@@ -1106,9 +1109,21 @@ public class ConnectivityServiceTest {
		return super.getVpnInfo();
		}

		private void setVpnInfo(VpnInfo vpnInfo) {
		private synchronized void setVpnInfo(VpnInfo vpnInfo) {
		mVpnInfo = vpnInfo;
		}

		@Override
		public synchronized Network[] getUnderlyingNetworks() {
		if (mUnderlyingNetworks != null) return mUnderlyingNetworks;

		return super.getUnderlyingNetworks();
		}

		/** Don't override behavior for {@link Vpn#setUnderlyingNetworks}. */
		private synchronized void overrideUnderlyingNetworks(Network[] underlyingNetworks) {
		mUnderlyingNetworks = underlyingNetworks;
		}
		}

		private void mockVpn(int uid) {
		@@ -6851,9 +6866,10 @@ public class ConnectivityServiceTest {

		@Test
		public void testCheckConnectivityDiagnosticsPermissionsActiveVpn() throws Exception {
		final Network network = new Network(NET_ID);
		final NetworkAgentInfo naiWithoutUid =
		new NetworkAgentInfo(
		null, null, null, null, null, new NetworkCapabilities(), 0,
		null, null, network, null, null, new NetworkCapabilities(), 0,
		mServiceContext, null, null, mService, null, null, null, 0);

		setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
		@@ -6866,11 +6882,19 @@ public class ConnectivityServiceTest {
		info.ownerUid = Process.myUid();
		info.vpnIface = "interface";
		mMockVpn.setVpnInfo(info);
		mMockVpn.overrideUnderlyingNetworks(new Network[] {network});
		assertTrue(
		"Active VPN permission not applied",
		mService.checkConnectivityDiagnosticsPermissions(
		Process.myPid(), Process.myUid(), naiWithoutUid,
		mContext.getOpPackageName()));

		mMockVpn.overrideUnderlyingNetworks(null);
		assertFalse(
		"VPN shouldn't receive callback on non-underlying network",
		mService.checkConnectivityDiagnosticsPermissions(
		Process.myPid(), Process.myUid(), naiWithoutUid,
		mContext.getOpPackageName()));
		}

		@Test